Effective cyber-security planning keeps trains running on time
The digital transformation of railways is bringing substantial benefits in safety, operational efficiency and reliability, as well as an improved passenger experience. But these advances also inevitably expose the railways to cyber-threats, writes Karsten Oberle, Head of the Global Railway Practice at Nokia.
As primary movers of people and goods, railways play a central role in the economic and social life of most countries. Railways have also become an attractive target for potential cyber-attacks, due in large part to the enormous economic and societal impacts that can result from cutting off rail service – just a few hours disruption can wreak havoc on most cities.
Cyber-crime has become a lucrative business, and a substantial potential expense for those who need to defend against it. Just like their legitimate online counterparts, cyber-criminals and the threats they pose are constantly evolving, forcing railway operators and others managing critical infrastructure to continually adapt their threat abatement strategies. Much of the discussion around cyber-security tends to focus on technological methods to address these threats.
Digital transformation increases risks
This shouldn’t be particularly surprising, as digitalisation is transforming virtually every major industry and railways are no exception. The adoption of IP-based networks and Internet of Things (IoT) technologies is enhancing safety, increasing operational efficiency and improving the passenger experience, all of which are net positives. Yet the same developments widen the attack surface: systems that were once isolated and proprietary now share standard protocols, and often network paths, with the rest of the enterprise, which leaves railway operations more exposed to cyber-attacks.
However, technology itself is only part of the answer when it comes to addressing threats. It has become clear that multiple layers of protection, both technological and procedural, are required to keep trains running.
What railway operators should consider is implementing a security lifecycle strategy by applying technical solutions and enhanced security practices/processes.
To keep pace with the rapid rise in attacks, operators should consider shifting from legacy, purely reactive security infrastructures (detection and response after the fact) to proactive, automated security lifecycles. To implement this strategy effectively, Nokia recommends following the security orchestration, automation and response (SOAR) model introduced by Gartner.
Evolving regulatory landscapes
There are multiple factors driving railway operators to develop plans to identify and characterise risk, to put defences in place and to make preparations for restoring operations as quickly as possible. Notable among them are regulatory pressures. The fact is, failing to prepare adequately to address cyber-security threats is a substantial risk in, and of, itself.
For instance, regulations such as the European Union’s Network and Information Security (NIS) directive demand that comprehensive protections be put in place, and failure to do so can result in substantial penalties.
While the interpretation of NIS can vary from country to country, certain fundamental standards need to be met and maintained. That said, keeping these preparations up-to-date in the face of a fast-evolving regulatory and threat environment is no small task.
Monitoring and mitigation
No matter the specifics of the regulatory framework in which a railway operates, any successful plan will depend on the ability to detect risks (in advance) and mitigate threats, whether from hostile actors or simple human error. Real-time monitoring and reporting capabilities are a baseline requirement to enable security teams to track and respond to emerging events.
Railway operators are increasingly looking into SOAR solutions to provide the needed tracking and analysis capabilities. These solutions can deliver a variety of benefits, notably fewer unauthorised-access incidents and misconfigurations, faster root cause analysis, faster response times through the application of pre-defined playbooks, and simplified, standardised reporting to national and/or regional computer security incident response teams (CSIRTs).
Typically designed to be vendor-neutral, SOAR solutions can interact with multiple, vendor-independent technologies used to collect data and/or trigger specific actions. Through advanced analytics and machine learning techniques, such systems can correlate events across those sources to detect incidents earlier and to support later root cause identification. This in turn provides a real-time picture of security status, giving greater lead time for the execution of targeted mitigations.
Similarly, customisable dashboards with powerful search and reporting capabilities can be optimised for the individual needs of the technical experts and security management teams. Automated workflows facilitate the investigation and mitigation of threat incidents, enabling experts to accelerate their response, particularly for common types of intrusions or faults.
One of the classic vulnerabilities that railway operators (and in fact all managers of IT and/or OT networks) face is unauthorised access to their systems through ‘human error’ such as the use of weak, default or stale passwords. Closing this hole requires robust, consistent security policies coupled with automated, network-wide enforcement: minimum length requirements, screening of new passwords against known-breached lists, removal of vendor default credentials, and multi-factor authentication for administrative access. Password aging and complexity rules are the traditional tools here; note, however, that current guidance such as NIST SP 800-63B no longer recommends forced periodic rotation, because it tends to produce predictable variants of the old password, and advises expiring credentials on evidence of compromise instead.
Security can also be improved using standardised, unified access security policies across the network infrastructure, for example identity and privileged access management for the privileged users of critical networks, with full session recording (video and keystroke/text logs) to demonstrate compliance with key security requirements. This addresses a growing need on the part of railway operators to track who accessed the network, when, and what they did, so that the origin of a vulnerability, and ideally who exploited the resulting back door, can be established afterwards. Regulators often also require this long-term forensic capability.
Improper configuration of systems can also lead to vulnerabilities. Automated configuration audits can help to identify and address these risks, providing much-needed peace of mind for operators.
A key element of such audits is fully automated error identification, which can eliminate time-consuming manual processes and scripts and make for more effective troubleshooting.
These checks, when applied both before and after an upgrade, help confirm that changes have been made correctly and warn engineers of potential service-affecting impacts before new equipment or applications go live.
A periodic configuration check can identify and eliminate misconfigurations, help to ensure network configuration compliance, and detect configuration-caused vulnerabilities, improving quality and catching problems before they lead to outages or degraded service.
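As an added example, not from the article or from Nokia's products, the shape of such an automated audit and pre/post-upgrade comparison in Go: a small rule set is run over a device's running configuration, and the configuration captured before a change is compared with the one captured after it. The rules, the IOS-like syntax and both sample configurations are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Finding is one violation of the configuration baseline on one device.
type Finding struct{ Device, Rule, Detail string }

// Rule is one check: Bad matches a line that violates the rule; Required, if
// set, is a statement that must appear somewhere in the configuration.
type Rule struct {
	Name          string
	Bad, Required *regexp.Regexp
}

// Rules is a constructed baseline in an IOS-like syntax (illustrative only).
var Rules = []Rule{
	{Name: "no-telnet", Bad: regexp.MustCompile(`^\s*transport input .*\btelnet\b`)},
	{Name: "no-default-snmp-community", Bad: regexp.MustCompile(`^\s*snmp-server community (public|private)\b`)},
	{Name: "no-http-server", Bad: regexp.MustCompile(`^\s*ip http server\s*$`)},
	{Name: "ntp-required", Required: regexp.MustCompile(`^\s*ntp server \S+`)},
	{Name: "syslog-required", Required: regexp.MustCompile(`^\s*logging host \S+`)},
}

// Audit runs every rule over one device's running configuration.
func Audit(device, config string) []Finding {
	var findings []Finding
	lines := strings.Split(config, "\n")
	for _, r := range Rules {
		found := false
		for _, l := range lines {
			if r.Bad != nil && r.Bad.MatchString(l) {
				findings = append(findings, Finding{device, r.Name, strings.TrimSpace(l)})
			}
			if r.Required != nil && r.Required.MatchString(l) {
				found = true
			}
		}
		if r.Required != nil && !found {
			findings = append(findings, Finding{device, r.Name, "required statement missing"})
		}
	}
	return findings
}

// statements returns the set of non-empty, non-comment lines of a configuration.
func statements(cfg string) map[string]bool {
	m := map[string]bool{}
	for _, l := range strings.Split(cfg, "\n") {
		if t := strings.TrimSpace(l); t != "" && !strings.HasPrefix(t, "!") {
			m[t] = true
		}
	}
	return m
}

// diff returns, sorted, the statements present in x but absent from y.
func diff(x, y map[string]bool) (out []string) {
	for s := range x {
		if !y[s] {
			out = append(out, s)
		}
	}
	sort.Strings(out)
	return out
}

// Drift returns what a change removed and what it added, so the engineer can
// confirm it did exactly what the change ticket said and nothing more.
func Drift(before, after string) (removed, added []string) {
	b, a := statements(before), statements(after)
	return diff(b, a), diff(a, b)
}

// Constructed sample: the configuration captured before a software upgrade and
// the one found afterwards, where someone "temporarily" re-enabled telnet and
// HTTP and fell back to a default SNMP community.
const PreUpgrade = `ntp server 10.0.0.5
logging host 10.0.0.9
snmp-server community s3cr3tRO RO
line vty 0 4
 transport input ssh
`
const PostUpgrade = `ntp server 10.0.0.5
logging host 10.0.0.9
snmp-server community public RO
ip http server
line vty 0 4
 transport input ssh telnet
`

func main() {
	for _, f := range Audit("RBC-EDGE-01", PostUpgrade) {
		fmt.Printf("FAIL %-26s %s\n", f.Rule, f.Detail)
	}
	removed, added := Drift(PreUpgrade, PostUpgrade)
	fmt.Println("removed:", removed)
	fmt.Println("added:  ", added)
}
```

Run against the post-upgrade capture, the audit reports the telnet transport, the default SNMP community and the HTTP server, and the drift report shows exactly which statements the upgrade removed and added, which is the evidence an engineer needs before signing the change off.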
Like most other industries, the Internet of Things (IoT) promises to transform railway operations in a variety of ways. The billions of ‘things’ that are (or will be) connected in these IoT networks (sensors, cameras, meters, monitors, actuators, and controllers) have essentially the same security requirements as mobile phones, computers and consumer electronics devices: device connections need to be safe; data must be safeguarded; and privacy must be maintained to ensure that the devices are not subject to hacking, manipulation and other network threats.
The autonomous operation of IoT devices introduces additional security challenges that are not fully addressed by the current security management solutions used for mobile phones. Most of the devices that make up IoT networks are unmanned and may not even have a conventional user interface. Also, many are meant to operate unattended for extended time periods, with no physical human interaction. However, state-of-the-art IoT security solutions can monitor the network traffic generated by the IoT devices and alert for abnormal behaviours, which can help railway operators address this challenge.
For devices that are part of a mission-critical application, such as signalling, alerts or faults must be processed in real-time to ensure seamless service continuity. Just as important, corrective actions must be initiated automatically, either from or to the IoT devices, based on security policies. Finally, the data transmitted to and from IoT devices needs to be auditable to enable accuracy, governance and regulatory compliance.
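An added example, not the article's or any vendor's code, of the baseline-and-anomaly approach described in the two paragraphs above, written in Go: a per-device baseline is learned from a clean commissioning period, live flow records are compared against it, and the corrective action depends on whether the device belongs to a mission-critical application. Device names, addresses and flow records are constructed.

```go
package main

import "fmt"

// Flow is one summarised flow record for an IoT device, as a NetFlow/IPFIX
// style collector would export it. Every record below is constructed.
type Flow struct {
	Device string // device identity (from its certificate or SIM)
	Dst    string
	Port   int
	Bytes  int
}

// Baseline is "normal" for one device: the destination/port pairs it used
// during a clean learning period and the largest single flow it produced.
type Baseline struct {
	Peers     map[string]bool
	PeakBytes int
}

// Alert is one deviation plus the action the policy selects for it.
type Alert struct{ Device, Reason, Action string }

func peer(f Flow) string { return fmt.Sprintf("%s:%d", f.Dst, f.Port) }

// Learn builds per-device baselines from flows captured during a period the
// operator has declared clean (commissioning, for example).
func Learn(flows []Flow) map[string]*Baseline {
	bl := map[string]*Baseline{}
	for _, f := range flows {
		b := bl[f.Device]
		if b == nil {
			b = &Baseline{Peers: map[string]bool{}}
			bl[f.Device] = b
		}
		b.Peers[peer(f)] = true
		if f.Bytes > b.PeakBytes {
			b.PeakBytes = f.Bytes
		}
	}
	return bl
}

// Detect flags devices with no baseline, flows to peers never seen during
// learning, and flows larger than factor times the learned peak. Devices in
// critical (signalling, for example) are quarantined automatically; the rest
// raise a ticket for a human to look at.
func Detect(bl map[string]*Baseline, live []Flow, factor float64, critical map[string]bool) []Alert {
	var alerts []Alert
	seen := map[string]bool{} // de-duplicates repeated alerts for the same cause
	for _, f := range live {
		action := "ticket"
		if critical[f.Device] {
			action = "quarantine"
		}
		b := bl[f.Device]
		switch p := peer(f); {
		case b == nil:
			if !seen[f.Device] {
				alerts = append(alerts, Alert{f.Device, "unknown device", "quarantine"})
				seen[f.Device] = true
			}
		case !b.Peers[p]:
			if !seen[f.Device+"|"+p] {
				alerts = append(alerts, Alert{f.Device, "new peer " + p, action})
				seen[f.Device+"|"+p] = true
			}
		case f.Bytes > int(float64(b.PeakBytes)*factor):
			alerts = append(alerts, Alert{f.Device, fmt.Sprintf("%d B to %s exceeds %.0fx learned peak of %d B", f.Bytes, p, factor, b.PeakBytes), action})
		}
	}
	return alerts
}

// Constructed sample traffic: a clean commissioning window, then live traffic.
var (
	LearnFlows = []Flow{
		{"axle-counter-17", "10.1.0.5", 4840, 1200}, // OPC UA to the interlocking gateway
		{"axle-counter-17", "10.1.0.9", 123, 76},    // NTP
		{"axle-counter-17", "10.1.0.5", 4840, 1300},
		{"platform-cam-03", "10.1.0.20", 554, 50000}, // RTSP to the video recorder
		{"platform-cam-03", "10.1.0.20", 554, 48000},
	}
	LiveFlows = []Flow{
		{"axle-counter-17", "10.1.0.5", 4840, 1250},
		{"axle-counter-17", "203.0.113.7", 443, 900}, // never seen before, off-network
		{"axle-counter-17", "203.0.113.7", 443, 950}, // same cause, must not alert twice
		{"platform-cam-03", "10.1.0.20", 554, 50000},
		{"platform-cam-03", "10.1.0.20", 554, 260000}, // 5x its largest learned flow
		{"unknown-a1b2c3", "10.1.0.5", 4840, 300},     // never onboarded at all
	}
	Critical = map[string]bool{"axle-counter-17": true}
)

// RunSample learns from LearnFlows and checks LiveFlows with a 3x volume allowance.
func RunSample() []Alert { return Detect(Learn(LearnFlows), LiveFlows, 3, Critical) }

func main() {
	for _, a := range RunSample() {
		fmt.Printf("%-16s %-10s %s\n", a.Device, a.Action, a.Reason)
	}
}
```

The signalling device talking to an off-network address is isolated immediately, the camera's volume spike only opens a ticket, and a device with no baseline at all is quarantined regardless of role: the same detection, with the response chosen by policy rather than by an analyst at 3 a.m.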
Because many IoT devices cannot regularly report their status to the network, it is essential that they be properly identified and certified at the time they are deployed. Existing 4G LTE networks and emerging 5G networks are designed with certificate management systems in place that are intended to deal with this particular problem.
LTE was specified by the 3rd Generation Partnership Project (3GPP), a global standards body, and its security architecture includes a certificate-based public key infrastructure (PKI) for network elements (3GPP TS 33.310), used to authenticate and encrypt traffic between base stations and the core network. (Devices themselves authenticate to the cellular network with the symmetric key held in their SIM; certificates give them a verifiable identity for their application traffic on top of that.) The same enrolment machinery can be used to secure IoT connections. To ensure that this process works smoothly and seamlessly, all devices must be verified as trusted before being introduced into the network.
Because LTE was developed as an open, multi-vendor framework able to integrate devices from a potentially limitless number of suppliers, the certificate management capabilities built into the standard are well-suited to the challenge of securing IoT devices. Manufacturer-provided certificates carrying a unique identifier let the operator confirm that a device is the one the manufacturer shipped and confirm its identity each time it connects once in operation; whether its firmware has been modified or tampered with is a separate question, answered by measures such as secure boot and attestation rather than by the certificate alone.
However, the management of digital certificates also brings additional complexity, as the large number of certificates and diversity of suppliers (certificate authorities) requires a significant effort to manage renewal and deployment tasks. To tackle this, technologies which automate the enrolment and deployment of digital certificates can bring operational savings and prevent costly errors.
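The certificate lifecycle described above, as an added example in Go using only the standard library (it is not the article's or Nokia's code, and every name and identifier in it is invented): a manufacturer CA issues a device certificate bound to a unique identifier, the operator verifies the chain and the identifier before admitting the device, and a renewal rule queues certificates before they expire. The sample scenario runs three devices through the gate: a genuine ordered one, one carrying the same identifier but certified by a CA the operator has never trusted, and a genuine one that was never ordered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is an issuer's certificate and signing key (a real manufacturer would keep the key in an HSM).
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// sign signs tmpl under parent (parent == tmpl for a self-signed root) and parses the result.
func sign(tmpl, parent *x509.Certificate, pub interface{}, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates a self-signed manufacturer CA.
func NewCA(name string) (CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return CA{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject:      pkix.Name{Organization: []string{name}, CommonName: name + " Device CA"},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	return CA{cert, key}, err
}

// IssueDevice is the factory step: bind a unique device identifier to a key
// generated on the device (simulated here) in a certificate signed by the manufacturer.
func IssueDevice(ca CA, deviceID string, lifetime time.Duration) (*x509.Certificate, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // unique per certificate
	if err != nil {
		return nil, err
	}
	return sign(&x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{Organization: ca.Cert.Subject.Organization, CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, &devKey.PublicKey, ca.Key)
}

// Onboard is the operator-side gate: the certificate must chain to a trusted
// manufacturer CA, be valid for client authentication, and name a device the operator ordered.
func Onboard(cert *x509.Certificate, trusted *x509.CertPool, expected map[string]bool) error {
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain verification failed: %w", err)
	}
	if !expected[cert.Subject.CommonName] {
		return fmt.Errorf("device %q is not on the expected-device list", cert.Subject.CommonName)
	}
	return nil
}

// NeedsRenewal is the rule a renewal scheduler runs daily: queue the certificate
// once less than window of its validity remains.
func NeedsRenewal(cert *x509.Certificate, now time.Time, window time.Duration) bool {
	return cert.NotAfter.Sub(now) < window
}

func main() {
	mfr, err1 := NewCA("Example Sensor Works")
	rogue, err2 := NewCA("Unknown Vendor") // a CA the operator has never trusted
	if err1 != nil || err2 != nil {
		panic("CA setup failed")
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(mfr.Cert)
	expected := map[string]bool{"SN-000123": true} // what the operator actually ordered
	for _, c := range []struct{ ca CA; id string }{{mfr, "SN-000123"}, {rogue, "SN-000123"}, {mfr, "SN-999999"}} {
		cert, err := IssueDevice(c.ca, c.id, 365*24*time.Hour)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s issued by %q: %v\n", c.id, c.ca.Cert.Subject.CommonName, Onboard(cert, trusted, expected))
		fmt.Println("  renew at day 340:", NeedsRenewal(cert, time.Now().AddDate(0, 0, 340), 30*24*time.Hour))
	}
}
```

Two design points worth noting: the expected-device list is what stops a validly signed certificate for a device nobody ordered from being admitted, and the renewal check is deliberately a pure function of the certificate and a clock, so a scheduler can run it over every deployed certificate without touching the devices.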
Humans and machines – a perfect combination
When it comes to addressing the challenge of railway cyber-security, a strong collaboration between security technologies and well-established, yet dynamic, management practices is essential. The reality is that cyber-security threats are ultimately directed by human actors, and railway security personnel have a critical role to play in mitigating those threats. Providing them with up-to-date, state-of-the-art tools to defend these systems is therefore an important contributor to keeping trains running.
Karsten Oberle leads the Global Railway Practice in Nokia’s Transportation sales organisation. When he’s not working on expanding the business in the railway sector with novel solutions, filing patents or contributing papers, he spends time with his family.